{"id":"https://openalex.org/W1994894547","doi":"https://doi.org/10.1145/1823844.1823846","title":"On mitigating sampling-induced accuracy loss in traffic anomaly detection systems","display_name":"On mitigating sampling-induced accuracy loss in traffic anomaly detection systems","publication_year":2010,"publication_date":"2010-06-22","ids":{"openalex":"https://openalex.org/W1994894547","doi":"https://doi.org/10.1145/1823844.1823846","mag":"1994894547"},"language":"en","primary_location":{"id":"doi:10.1145/1823844.1823846","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1823844.1823846","pdf_url":null,"source":{"id":"https://openalex.org/S66039016","display_name":"ACM SIGCOMM Computer Communication Review","issn_l":"0146-4833","issn":["0146-4833","1943-5819"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGCOMM Computer Communication Review","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5111155841","display_name":"Sardar Ali","orcid":null},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK"],"is_corresponding":true,"raw_author_name":"Sardar Ali","raw_affiliation_strings":["National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013243967","display_name":"Irfan Ul Haq","orcid":"https://orcid.org/0000-0002-7480-2351"},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Irfan Ul Haq","raw_affiliation_strings":["National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050971756","display_name":"Sajjad Rizvi","orcid":null},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Sajjad Rizvi","raw_affiliation_strings":["National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041290997","display_name":"Naurin Rasheed","orcid":null},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Naurin Rasheed","raw_affiliation_strings":["National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001522674","display_name":"Unum Sarfraz","orcid":null},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Unum Sarfraz","raw_affiliation_strings":["National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110173633","display_name":"Syed Ali Khayam","orcid":null},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Syed Ali Khayam","raw_affiliation_strings":["National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068442949","display_name":"Fauzan Mirza","orcid":null},"institutions":[{"id":"https://openalex.org/I929597975","display_name":"National University of Sciences and Technology","ror":"https://ror.org/03w2j5y17","country_code":"PK","type":"education","lineage":["https://openalex.org/I929597975"]}],"countries":["PK"],"is_corresponding":false,"raw_author_name":"Fauzan Mirza","raw_affiliation_strings":["National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan"],"affiliations":[{"raw_affiliation_string":"National University of Sciences &amp; Technology (NUST), Islamabad, Pakistan","institution_ids":["https://openalex.org/I929597975"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5111155841"],"corresponding_institution_ids":["https://openalex.org/I929597975"],"apc_list":null,"apc_paid":null,"fwci":3.9173,"has_fulltext":false,"cited_by_count":26,"citation_normalized_percentile":{"value":0.93581524,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"40","issue":"3","first_page":"4","last_page":"16"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.797753095626831},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.7310510873794556},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6653449535369873},{"id":"https://openalex.org/keywords/sampling","display_name":"Sampling (signal processing)","score":0.6412137150764465},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.584834635257721},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.5827985405921936},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.558997392654419},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5074524283409119},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.4703878164291382},{"id":"https://openalex.org/keywords/hop","display_name":"Hop (telecommunications)","score":0.46424660086631775},{"id":"https://openalex.org/keywords/node","display_name":"Node (physics)","score":0.4504099190235138},{"id":"https://openalex.org/keywords/packet-loss","display_name":"Packet loss","score":0.43570056557655334},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.4289233088493347},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.24180465936660767},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.09613895416259766},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.06747716665267944}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.797753095626831},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.7310510873794556},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6653449535369873},{"id":"https://openalex.org/C140779682","wikidata":"https://www.wikidata.org/wiki/Q210868","display_name":"Sampling (signal processing)","level":3,"score":0.6412137150764465},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.584834635257721},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.5827985405921936},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.558997392654419},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5074524283409119},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.4703878164291382},{"id":"https://openalex.org/C25906391","wikidata":"https://www.wikidata.org/wiki/Q1432381","display_name":"Hop (telecommunications)","level":2,"score":0.46424660086631775},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.4504099190235138},{"id":"https://openalex.org/C54108766","wikidata":"https://www.wikidata.org/wiki/Q391064","display_name":"Packet loss","level":3,"score":0.43570056557655334},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.4289233088493347},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.24180465936660767},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.09613895416259766},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.06747716665267944},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0},{"id":"https://openalex.org/C66938386","wikidata":"https://www.wikidata.org/wiki/Q633538","display_name":"Structural engineering","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1823844.1823846","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1823844.1823846","pdf_url":null,"source":{"id":"https://openalex.org/S66039016","display_name":"ACM SIGCOMM Computer Communication Review","issn_l":"0146-4833","issn":["0146-4833","1943-5819"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGCOMM Computer Communication Review","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W44307044","https://openalex.org/W1527422375","https://openalex.org/W1548413436","https://openalex.org/W1560486077","https://openalex.org/W1604044955","https://openalex.org/W1744212210","https://openalex.org/W1974918169","https://openalex.org/W1977141583","https://openalex.org/W1996998694","https://openalex.org/W2031657002","https://openalex.org/W2085533912","https://openalex.org/W2108673751","https://openalex.org/W2117747231","https://openalex.org/W2121035740","https://openalex.org/W2121511513","https://openalex.org/W2123583026","https://openalex.org/W2126453171","https://openalex.org/W2127455097","https://openalex.org/W2133910774","https://openalex.org/W2148886022","https://openalex.org/W2150213544","https://openalex.org/W2161317557","https://openalex.org/W2162240407","https://openalex.org/W2164210932","https://openalex.org/W2164532265","https://openalex.org/W2168917894","https://openalex.org/W4206137901","https://openalex.org/W6631540760","https://openalex.org/W6633662972"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W3210364259","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W2912112202","https://openalex.org/W2667207928","https://openalex.org/W4300558037","https://openalex.org/W4377864969","https://openalex.org/W3030345572"],"abstract_inverted_index":{"Real-time":[0],"Anomaly":[1],"Detection":[2],"Systems":[3],"(ADSs)":[4],"use":[5],"packet":[6,108,111,152,159,223],"sampling":[7,65,79,83,160],"to":[8,31,34,60,76,115,149,213],"realize":[9],"traffic":[10,70,174],"analysis":[11],"at":[12,181],"wire":[13],"speeds.":[14],"While":[15],"recent":[16],"studies":[17],"have":[18],"shown":[19],"that":[20,137,198],"a":[21,46,55,77,93,99,106,131],"considerable":[22],"loss":[23,37],"of":[24,68,105,143],"anomaly":[25,58,195],"detection":[26,146],"accuracy":[27,63],"is":[28],"incurred":[29],"due":[30],"sampling,":[32,73],"solutions":[33],"mitigate":[35],"this":[36,42],"are":[38,85],"largely":[39],"unexplored.":[40],"In":[41],"paper,":[43],"we":[44,169],"propose":[45],"Progressive":[47],"Security-Aware":[48],"Packet":[49],"Sampling":[50],"(PSAS)":[51],"algorithm":[52,147],"which":[53],"enables":[54],"real-time":[56],"inline":[57,89],"detector":[59],"achieve":[61,214],"higher":[62,132,157,216],"by":[64,87],"larger":[66],"volumes":[67],"malicious":[69,82,129,158],"than":[71,218],"random":[72,222],"while":[74,200],"adhering":[75],"given":[78],"budget.":[80],"High":[81],"rates":[84],"achieved":[86],"deploying":[88],"ADSs":[90],"progressively":[91],"on":[92,221],"packet's":[94],"path.":[95],"Each":[96],"ADS":[97],"encodes":[98],"binary":[100],"score":[101],"(malicious":[102],"or":[103],"benign)":[104],"sampled":[107],"into":[109],"the":[110,116,144,151,165],"before":[112],"forwarding":[113],"it":[114],"next":[117,121],"hop":[118,122],"node.":[119],"The":[120],"node":[123],"then":[124],"samples":[125],"packets":[126],"marked":[127],"as":[128],"with":[130],"probability.":[133],"We":[134],"analytically":[135],"prove":[136],"under":[138],"certain":[139],"realistic":[140],"conditions,":[141],"irrespective":[142],"intrusion":[145],"used":[148],"formulate":[150],"score,":[153],"PSAS":[154,167],"always":[155],"provides":[156],"rates.":[161],"To":[162],"empirically":[163],"evaluate":[164],"proposed":[166],"algorithm,":[168],"simultaneously":[170],"collect":[171],"an":[172],"Internet":[173],"dataset":[175],"containing":[176],"DoS":[177],"and":[178,206],"portscan":[179],"attacks":[180],"three":[182],"different":[183],"deployment":[184],"points":[185],"in":[186],"our":[187],"university's":[188],"network.":[189],"Experimental":[190],"results":[191],"using":[192],"four":[193],"existing":[194],"detectors":[196,212],"show":[197],"PSAS,":[199],"having":[201],"no":[202],"extra":[203],"communication":[204],"overhead":[205],"extremely":[207],"low":[208],"complexity,":[209],"allows":[210],"these":[211],"significantly":[215],"accuracies":[217],"those":[219],"operating":[220],"samples.":[224]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":6},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}